On Tue, Mar 08, 2005 at 02:30:43PM -1000, [EMAIL PROTECTED] wrote: > I have tried turning off my firewall completely, and I still > cannot get out. I have found that if I turn on IP forwarding > / masquerading, everything works just fine. However, with IP > forwarding / masquerading on, I found that one could still > access the internet if they disabled the proxy server setting > on the Windows box. If possible I would like internet access > "disabled" if someone turns off the proxy server settings on > the Windows box. If I change the gateway back to the original > settings (our main router), then everything works fine.
Your message made it sound like you could not hit tcp/25 and tcp/110 on the Linux box. If you are trying to hit those ports on an external server, then yes, you will need to enable NAT on the box. My original suggestion does not change, however. Make sure you open up the necessary ports and leave the rest off. Web access gets through because by default, you let everything out. Be sure to move your router to a different physical segment. I would recommend picking up Zwicky's _Building Internet Firewalls_. -Vince
